[PATCH] cifs: fix setting SecurityFlags to true
Steve French
smfrench at gmail.com
Thu Jul 11 15:40:16 UTC 2024
V2 of patch
If you try to set /proc/fs/cifs/SecurityFlags to 1 it
will set them to CIFSSEC_MUST_NTLMV2 which no longer is
relevant (the less secure ones like lanman have been removed
from cifs.ko) and is also missing some flags (like for
signing and encryption) and can even cause mount to fail,
so change this to set it to Kerberos in this case.
Also change the description of the SecurityFlags to remove mention
of flags which are no longer supported.
On Tue, Jul 9, 2024 at 6:45 PM Steve French <smfrench at gmail.com> wrote:
>
> If you try to set /proc/fs/cifs/SecurityFlags to 1 it
> will set them to CIFSSEC_MUST_NTLMV2 which is obsolete and no
> longer checked, and will cause mount to fail, so change this
> to set it to a more understandable default (ie include Kerberos
> as well).
>
> Also change the description of the SecurityFlags to remove mention
> of various flags which are no longer supported (due to removal
> of weak security such as lanman and ntlmv1).
>
>
>
> --
> Thanks,
>
> Steve
--
Thanks,
Steve
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-cifs-fix-setting-SecurityFlags-to-true.patch
Type: text/x-patch
Size: 4304 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20240711/a40b27c0/0001-cifs-fix-setting-SecurityFlags-to-true.bin>
More information about the samba-technical
mailing list